The U.Porto smart card identity project, provided by Santander Totta, is a pivotal, cross-cutting
contribution to student mobility on campus; at the same time it increases the
sharing of resources and improves the quality of services offered to the academy as
a whole. The card has quickly become an indispensable tool for members of the
academic community, since it provides access to a growing set of digital services.
In this context, and with its ever more widespread use, came the opportunity to
enhance the services provided by the U.Porto information system through a more seamless
incorporation of the cryptographic capabilities provided by smart cards. Our goal is to allow
the members of the academic community to digitally sign documents and perform strong two-factor
authentication. Unfortunately, we found the manufacturer-provided middleware for the U.Porto
smart card to be quite limited when it comes to integration with web-based systems. We
therefore developed our own Java-based middleware by applying well-known reverse
engineering techniques to the messages exchanged with the card when it performs
cryptographic operations. We then started a new project whose main goal was to
develop a fully Java-based, multi-platform middleware for the U.Porto card, and a Java
Cryptography Architecture (JCA) provider to incorporate it into the Java platform in the most unobtrusive
way. We have therefore developed a modular system for the web that allows instant and
seamless integration of smart cards in two-factor authentication processes and in other, more
elaborate processes involving the personal digital signature of documents under the direct
control of web applications that run in the browser. Our solution is fully provisioned via the web and
does not require prior installation of any software on the client; only the Java plug-in needs
to be installed in the browser. Communication with the smart card is orchestrated
through JavaScript libraries that use a specially built Java applet to exchange
the necessary APDUs directly with the smart card. The data thus collected is then delivered
to web applications as JSON structures instantiated directly in JavaScript variables,
which makes it very simple to manipulate within web applications.
The cryptographic functionality of the smart cards supported by our solution can also be
imported into any Java application through our JCA provider, which allows the programming
of these features in a much more standardized manner.